6.5

CVE-2025-28172

EPSS 0.05%
Veröffentlicht 29.07.2025 15:15:34
Zuletzt bearbeitet 06.08.2025 20:53:49
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Grandstream Networks UCM6510 v1.0.20.52 and before is vulnerable to Improper Restriction of Excessive Authentication Attempts. An attacker can perform an arbitrary number of authentication attempts using different passwords and eventually gain access to the targeted account using a brute force attack.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Grandstream ≫ Ucm6510 Firmware Version <= 1.0.20.52

Grandstream ≫ Ucm6510 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.15

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	6.5	3.9	2.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CWE-307 Improper Restriction of Excessive Authentication Attempts

The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame.

http://grandstream.com

Product

https://gist.github.com/Exek1el/6291185a87c98d4229181212b2bd5cdf

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-28172

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-28172

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-28172

EUVD